package com.lk.security.authentication.session;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * @program: lk-security-parent
 * @description: 自定义退出处理器 清楚缓存session
 * @author: Aspirin
 * @create: 2020-06-13 00:55
 */
@Component
public class CustomLogoutHandler implements LogoutHandler {

  @Autowired private SessionRegistry sessionRegistry;

  @Override
  public void logout(
      HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
    // 退出之后，将对应session从缓存中清除 SessionRegistryImpl.principals
    sessionRegistry.removeSessionInformation(request.getSession().getId());
  }
}
